Microsoft today released an Out of Band Security Update to address a .LNK vulnerability in Windows. MS10-046 addresses that vulnerability in Windows which has a maximum severity rating of Critical and an Exploitability Index rating of 1. The security vulnerability affects all supported editions of Windows XP, Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. It is recommended that customers deploy the updates as soon as possible to help protect their computers from criminal attacks. In order to continue to benefit from security releases, customers who are currently on unsupported version of Windows upgrade to the latest version of Windows.
More to come,
Subscribe to the TechNet Flash newsletter
Good point. Take a look at this post that talks about more ways to resolve MS10-046 on machines running XP SP2
This patch (listed as for XP Embedded only) actually works on any XP SP2 system:
blog.securityactive.co.uk/.../patching-windows-xp-sp2-for-the-shortcut-lnk-vulnerability-ms10-046 for reporting this.